main.yml 1.8 KiB
---

# Default variables for a HashiCorp Vault deployment used as a cluster CA.
# The Jinja2 expressions (hostvars, groups, ansible_default_ipv4) indicate
# these are Ansible variables; several values below are security-sensitive
# and are annotated where an operator should review them before production.

vault_bootstrap: false
# Options for the CA certificate. 87600h is 3650 days (about ten years).
vault_ca_options:
  common_name: kube-cluster-ca
  format: pem
  ttl: 87600h
vault_cert_dir: "{{ vault_config_dir }}/ssl"
vault_client_headers:
  Accept: "application/json"
  Content-Type: "application/json"
# Main Vault server configuration (presumably rendered into Vault's config
# file by a task outside this file).
vault_config:
  backend:
    etcd:
      # Only the first host of the `etcd` group is addressed here.
      address: "https://{{ hostvars[groups.etcd[0]]['ansible_default_ipv4']['address'] }}:2379"
      # Quoted, so this is the string "true" rather than a YAML boolean.
      ha_enabled: "true"
      redirect_addr: "https://{{ ansible_default_ipv4.address }}:{{ vault_port }}"
      # Only a CA file is set for the etcd connection; no client certificate
      # or key is configured in this block.
      tls_ca_file: "{{ vault_cert_dir }}/ca.pem"
  cluster_name: "kubernetes-vault"
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  listener:
    tcp:
      # Binds on all interfaces; TLS is configured via the cert/key below.
      # Restrict reachability with host or network firewalling as needed.
      address: "0.0.0.0:{{ vault_port }}"
      tls_cert_file: "{{ vault_cert_dir }}/api.pem"
      tls_key_file: "{{ vault_cert_dir }}/api-key.pem"
  # NOTE(review): hard-coded to 720h, whereas default_lease_ttl above reads
  # its variable. vault_max_lease_ttl (87600h) is defined below but is not
  # referenced anywhere in this file - confirm which value is intended.
  max_lease_ttl: 720h
vault_config_dir: /etc/vault
vault_container_name: kube-hashicorp-vault
vault_default_lease_ttl: 720h
# NOTE(review): presumably applied to PKI roles by tasks outside this file.
# In Vault's PKI engine, allow_any_name lets a role issue certificates for
# any requested common name, so access to such a role should be tightly
# scoped by policy - confirm how this default is consumed.
vault_default_role_permissions:
  allow_any_name: true
vault_deployment_type: docker
vault_etcd_needs_gen: false
vault_etcd_sync_hosts: []
vault_max_lease_ttl: 87600h 
vault_needs_gen: false
vault_port: 8200
# NOTE(review): with 1 share and a threshold of 1 (presumably passed to
# Vault initialization), a single key unseals Vault and there is no
# split-knowledge protection. Raise both for production use.
vault_secret_shares: 1
vault_secret_threshold: 1
# NOTE(review): the name suggests sensitive material is written here; the
# contents and file permissions are set outside this file - verify them.
vault_secrets_dir: "{{ vault_config_dir }}/secrets"
# Configuration for a second Vault instance using the file backend. The
# name suggests it is temporary; its lifetime is not visible from here.
vault_temp_config:
  default_lease_ttl: "{{ vault_default_lease_ttl }}"
  backend:
    file:
      path: /vault/file
  listener:
    tcp:
      # NOTE(review): TLS is disabled and the listener binds on all
      # interfaces, so traffic to this port (tokens, issued keys) is
      # plaintext on the network. Confirm the instance is short-lived and
      # the port is not reachable from untrusted hosts.
      address: "0.0.0.0:{{ vault_temp_port }}"
      tls_disable: "true"
vault_temp_port: 8201

# Fallback certificate directories. These are expected to be defined at a
# higher level (e.g. inventory or group vars); the defaults here only
# prevent undefined-variable errors when they are not.
etcd_cert_dir: /etc/ssl/etcd/ssl
kube_cert_dir: /etc/kubernetes/ssl

# Defaults for the certificate/file sync logic. These are intended to move
# into a role of their own once include_role is fixed. All values start
# empty, zero or false; presumably they are set per invocation by the
# sync tasks - confirm against the tasks that use them.
sync_file: ''
sync_file_dir: ''
sync_file_host_count: 0
sync_file_is_cert: false
sync_file_key_path: ''
sync_file_key_srcs: []
sync_file_path: ''
sync_file_results: []
sync_file_srcs: []